(57) In a method and apparatus for binding network identities to locally-meaningful identities in a computer network, a client computer (12) is connected to a server computer (10) that performs various functions requested by an operator of the client computer (12). The server computer (10) assigns a temporary locally-meaningful identity to the operator of the client computer (12), and receives and responds to requests to perform functions from the client computer (12). The server computer (10) triggers an ownership fault condition in response to a particular request received from the client computer. In response to the ownership fault condition, the server computer (10) assigns a permanent local identity to the network identity associated with the operator of the client computer (12), depending on its security policy. The permanent local identity may be retrieved from a pool of previously allocated locally-meaningful identities maintained by the server computer, or the permanent local identity may be created as needed.
Method of operating a computer network
This invention relates to a method for operating a computer network, and to apparatus for carrying out such a method.

Local area networks (LANs) allow personal computers (PCs) to share resources typically located at a host computer, such as files and printers. These types of networks are generally referred to as client/server networks, wherein the PCs are considered "clients" whose requests are processed by the host "server".

Network operating systems are increasingly making use of "network-wide" user identities in which a "network user", such as John Smith, is given a single network-wide identity that can be used to uniquely identify that user anywhere in the network. Network-wide user identities simplify administrative and other tasks by permitting a single network-wide "name" to be used to identify a particular user regardless of network topology or organization. However, server computers typically require a separate locally-meaningful user identity or account to track ownership and usage of resources local to the server computer. For example, UNIX systems use the locally-meaningful integer "User Identifier" or simply "uid" to track ownership of files, directories and processes.

Because the set of valid "network users" can be vastly larger than the number of individual users that can be adequately supported on a particular server computer, it is impractical to create a locally-meaningful identity for every network user on each and every server on the network. For example, a university may have tens of thousands of students who are each distinct "network users", but creating tens of thousands of local user accounts on a number of different server computers is impractical on all but the largest computers.

It is an object of the present invention to provide a method of operating a computer network including a client computer and a server computer, wherein a user of the network may be automatically assigned a local identity at the server in an efficient manner.

Therefore, according to the present invention, there is provided a method of operating a computer network including a client computer and a server computer, characterized by controlling said server computer to perform the steps of: assigning a temporary local identity to the network identity associated with the operator of the client computer; receiving and responding to requests from the client computer to perform functions; triggering an ownership fault condition in response to a particular request received from said client computer; and assigning a permanent local identity to the network identity associated with the operator of the client computer in response to said ownership fault condition.

An advantage of a method according to the present invention is that it is suitable for managing network access to server computers, when the bulk of such network access does not require the use of unique locally-meaningful identities. More specifically, the present invention allows a large population of network identities to be mapped to "guest" or temporary locally-meaningful identities on a server computer for normal access, and then assigns a permanent local identity to a network identity only when an "ownership fault" occurs. This technique avoids the impractical alternative of creating a locally-meaningful identity for every network user on each and every server on the network.

Another advantage of the present invention is that it provides a technique for assigning locally-meaningful identities or user accounts to network identities in a manner that eliminates the need for manual effort. As a result, the present invention can greatly simplify the efforts required of system administrators in managing network access to a server computer. Moreover, the owners of local resources, such as files, on a server computer can be readily identified.

One embodiment of the present invention will now be described by way of example with reference to the accompanying drawings, in which:
Figure 1 illustrates a typical client/server computer network architecture; and
Figure 2 is a flow chart illustrating the steps performed in the present invention.
Figure 1 is a block diagram of an illustrative client/server system or network in which the present invention may be utilized. The network includes a server computer 10 connected to a plurality of client workstations or personal computers (PCs) 12 via a local area network (LAN) 14. The server computer 10 provides the client PCs 12 shared access to data stored on hard disk 16.

In one illustrative arrangement, the server computer 10 may be an AT&T System 3450™ computer running under the control of the UNIX® System V Release 4.0 operating system 18. Each of the client PCs 12 may operate under the control of the well-known MS-DOS® operating system or OS/2® operating system 20. The LAN 14 may be the AT&T STARLAN™ system.

The client PCs 12 and server computer 10 may use the AT&T StarGROUP™ system software. This StarGROUP™ system software allows MS-DOS and OS/2 client PCs 12 to transparently share data files across the LAN 14. The server computer 10 can support one or more large hard disks 16 that can be made available to client PCs 12 on the LAN 14.

The UNIX operating system 18 controlling the operation of the server computer 10 is divided into three layers, including a user level 22, a kernel level 24, and a hardware level 26. The user level 22 includes user programs 28 such as a server program 30 and libraries 32 that interface to client PCs 12 via LAN 14 to enable access to the desired data stored in disk 16. The kernel level 24 includes a system call interface 34, file system 36, process control subsystem 38, device driver 40, and hardware control 42, so that it interacts directly with the hardware level 26, providing common services to the user level 22 to insulate the user level 22 from hardware level 26 idiosyncrasies. The hardware level 26 includes a hardware device driver 44 and provides the operating system 20 with basic services needed by computer 10.

The system call interface 34 of the kernel level 24 represents the border between the user level 22 and the kernel level 24. The system call interface 34 converts user program calls into UNIX system calls. System calls look like ordinary function calls in C programs, and libraries 32 map these function calls to the primitives needed to enter the operating system in a well-known manner. The set of system calls includes those that interact with the process control subsystem 38 and those that interact with the file system 36.

Software 46 on the client PC 12 interacts with the server program 30 on the server computer 10 to allow access to the disk 16. Specifically, system calls by the software 46 that reference disk 16 are packaged into request messages by a redirector 48 and transmitted to the server program 30 by network software 50 and the LAN interface 52 over the LAN 14.

Figure 2 is a flow chart illustrating the steps performed in the present invention, showing the interaction of the server 10 and the client PCs 12 from the perspective of the server 10.

Block 54 represents the server 10 receiving and responding to a Negotiate Server Message Block (SMB) from the client PC 12, wherein the server 10 determines the protocol dialect to use with the client PC 12. The SMB protocol is a well-known protocol used in many networking products. The Negotiate SMB is the first SMB sent on a newly established virtual circuit. In the response to the Negotiate SMB, the server 10 sends information to the client PC 12 indicating its capabilities. The final step in the negotiation occurs when the client PC 12 sends a Session Setup And X SMB.

Block 56 represents the server 10 receiving and responding to the Session Setup And X SMB to authenticate an incoming network identity from the client PC 12. The Session Setup And X SMB includes the user's network-wide user name and the name of the administrative network domain that they belong to. For example, the user name might be "JOHNSMITH" and the domain name might be "ACCOUNTING." The server 10 consults its local mapping of network identities to locally-meaningful identities to retrieve the locally-meaningful identity to which the incoming network identity is mapped.

On a UNIX system, such a mapping might be implemented as a file that associates "username:domain" name pairs with locally-meaningful UNIX user accounts. For instance, "JOHNSMITH":"ACCOUNTING" might map to the locally-meaningful "smith" identity. The well-known UNIX system file "/etc/profile" maps the locally-meaningful name "smith" to the appropriate numeric uid for that particular UNIX system.

If the incoming network identity does not have an explicitly assigned locally-meaningful identity, then the server 10 assigns the user a "guest" locally-meaningful identity. Assume for the remainder of this discussion that the incoming network identity does not map explicitly to any locally-meaningful identity and that it has thus been assigned a "guest" locally-meaningful identity.

Block 58 represents the server 10 receiving a command from the user that triggers an "ownership fault". Such commands may include, for example, creating a new file or directory, taking ownership of an existing file or directory, or other functions. For example, the command could be a Create And X SMB to create or open a file or a directory, wherein the action taken by server 10 is dependent on the name of the object being opened, whether the object already exists, whether the user is authorized to access the named object, and other factors, and a file handle is returned that can be used by subsequent service calls to manipulate the file itself or the data within the file.

Since a file stored on the server 10 must be owned by a valid local identity (e.g., a UNIX uid) and the user's network identity has been mapped to the "guest" locally-meaningful identity, i.e., a locally-meaningful identity that is not assigned to a unique user, the server 10 triggers an ownership fault. Upon triggering the ownership fault, decision block 60 represents the server 10 deciding whether or not to permit the network user to proceed to take ownership of the resources based upon the security policy established on the server 10. The security policy may dictate how to handle ownership faults based upon the organization or administrative domain that the user belongs to, what network-wide groups the user belongs to, or any other set of characteristics. If the user is denied permission to take ownership of the resource, then block 62 represents the request failing and the server 10 returning an appropriate error message to the client PC 12.

If permission is granted to take ownership of the resource, then block 64 represents the server 10 assigning a pre-existing local identity from a pool of previously allocated locally-meaningful identities to the user. The pool of previously allocated locally-meaningful identities would allow a quick assignment of locally-meaningful identities on the occurrence of an ownership fault. For example, a server 10 may continuously maintain a pool of 5 spare locally-meaningful identity user accounts, e.g., "newuser1" through "newuser5." The first time that an ownership fault is triggered and cleared by granting the user permission to own the resource, the server 10 assigns the "newuser1" local identity to the user. It is envisioned that the server 10 would thereafter create another "spare" locally-meaningful identity, e.g., "newuser6", so that the pool is maintained at an adequate level.

Alternatively, block 64 represents the server 10 creating a locally-meaningful identity for the user's network identity, for example, using the UNIX command "useradd". However, this technique would probably incur a real-time performance penalty, since the time to add a new local identity grows rapidly with the number of local identities assigned on some servers 10. Nevertheless, such a technique does not require using pre-existing accounts. Moreover, the local identity thus created may be more obviously related to the network identity than an arbitrary local identity, e.g., the network identity "ERICBAUER" may be mapped to a local identity of "ejb" rather than "newuser1".

Regardless of how the locally-meaningful identity is assigned, block 64 also represents the server 10 updating its records to show that, henceforth, this particular user's network identity will be mapped to the newly created and/or assigned locally-meaningful identity. For example, the server 10 may use the UNIX library 32 call "getpwent" to retrieve the UNIX user identity (uid) and UNIX group identity (gid) assigned to the newly created local identity, and then update the data in the local user-specific data records on the server 10 to reflect this new UNIX uid.

Block 66 represents the server 10 performing the requested command that caused the ownership fault. For example, the server 10 may complete its response to the Create And X SMB by creating the requested file and using the UNIX system call "chown" to set the ownership of this file to the correct UNIX uid associated with the locally-meaningful identity. At this point the UNIX system call "stat" should indicate that the file created in block 66 is owned by the locally-meaningful identity that was assigned to the incoming network identity in block 64.

Block 68 represents the server 10 generating a status response for the requested command to the client PC 12 indicating whether the operation was successful.

For the duration of this connection between the client PC and server computer, no further ownership faults should occur, because the network identity of the operator of the client PC is permanently mapped to the unique locally-meaningful identity. Moreover, during subsequent sessions between the operator and the server 10, the network identity of the operator should be authenticated by the server 10, because of the persistent mapping between the network identity and the locally-meaningful identity maintained by the server 10. Thus, the network identity of the operator should never again be assigned the "guest" or temporary local identity when accessing the server 10.
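The following Python simulation is an added example, not the patent's own code and not AT&T's StarGROUP software; it walks the Figure 2 flow (blocks 54 through 68) end to end so the state changes can be seen. Everything in it is assumed for illustration: the mapping file format of one "USER:DOMAIN local_name" pair per line, a constructed passwd-style dictionary standing in for the server's real account table so the example runs offline, a security policy that is simply an allow-list of network domains, the names `Server`, `parse_mapping`, `build_server` and `stat_owner`, and the choice to fall back to the "useradd" path (naming the account after the network user name) when the spare pool is empty. The description mentions both the pool and the useradd alternatives but does not say what happens when the pool runs dry; that fallback is this example's choice.

```python
"""Simulated ownership-fault binding of network identities to local uids.

Added example, not the patent's or AT&T's code. Assumptions: the mapping is
a text file of "USER:DOMAIN local_name" lines; the local account table is a
constructed passwd-style dict (stand-in for the real account file, so this
runs offline); the security policy is an allow-list of network domains.
"""
from dataclasses import dataclass, field

GUEST = "guest"                       # temporary locally-meaningful identity

# Constructed mapping file in the "username:domain" form the description uses.
MAPPING_FILE = """\
# network identity         local identity
JOHNSMITH:ACCOUNTING       smith
"""

# Constructed passwd-style table: local name -> (uid, gid).
PASSWD = {
    "guest": (60001, 60001),
    "smith": (1001, 100),
    "newuser1": (2001, 100),          # spare accounts forming the pool
    "newuser2": (2002, 100),
}

# Requests that need a unique owner and therefore raise an ownership fault
# when issued under the guest identity (request types listed in claim 6).
OWNERSHIP_REQUESTS = {"create_file", "create_dir", "take_ownership", "print_file"}


def parse_mapping(text):
    """Parse 'USER:DOMAIN local' lines into a dict keyed by upper-cased USER:DOMAIN."""
    mapping = {}
    for raw in text.splitlines():
        line = raw.split("#", 1)[0].strip()
        if line:
            net_id, local = line.split()
            mapping[net_id.upper()] = local
    return mapping


@dataclass
class Server:
    mapping: dict                     # persistent network -> local identity map
    passwd: dict                      # local name -> (uid, gid)
    pool: list                        # spare local identities (block 64, pool path)
    allowed_domains: set              # security policy consulted at block 60
    replenish: bool = True            # create another spare after taking one
    next_uid: int = 3000              # constructed: next uid for new accounts
    spare_seq: int = 3                # constructed: next "newuserN" number
    sessions: dict = field(default_factory=dict)  # net_id -> local identity in use
    files: dict = field(default_factory=dict)     # path -> (uid, gid); stands in for the file system

    def session_setup(self, user, domain):
        """Block 56: map the incoming network identity, falling back to guest."""
        net_id = f"{user}:{domain}".upper()
        local = self.mapping.get(net_id, GUEST)
        self.sessions[net_id] = local
        return local

    def _add_account(self, name):
        """Stand-in for 'useradd': register a new local name with a fresh uid."""
        self.passwd[name] = (self.next_uid, 100)
        self.next_uid += 1
        return name

    def _assign_permanent(self, net_id):
        """Block 64: take a spare from the pool, or create an account if none is left."""
        if self.pool:
            local = self.pool.pop(0)
            if self.replenish:        # keep the pool at an adequate level
                self.pool.append(self._add_account(f"newuser{self.spare_seq}"))
                self.spare_seq += 1
        else:
            # Pool-exhaustion fallback (this example's choice): the 'useradd'
            # path, naming the account after the network user name.
            local = self._add_account(net_id.split(":")[0].lower())
        self.mapping[net_id] = local  # persist: no further faults for this identity
        return local

    def handle_request(self, net_id, request, path=None):
        """Blocks 58-68: serve a request, resolving an ownership fault if one arises."""
        local = self.sessions[net_id]
        if request in OWNERSHIP_REQUESTS and local == GUEST:
            domain = net_id.split(":")[1]
            if domain not in self.allowed_domains:       # block 60 -> block 62
                return ("ACCESS_DENIED", None)
            local = self.sessions[net_id] = self._assign_permanent(net_id)
        uid, gid = self.passwd[local]
        if request in {"create_file", "create_dir"}:     # block 66: create + chown
            self.files[path] = (uid, gid)
        return ("OK", uid)                               # block 68: status response

    def stat_owner(self, path):
        """Stand-in for stat(): owner uid of a file created through the server."""
        return self.files[path][0]


def build_server():
    """Server wired to the constructed mapping, passwd table and policy."""
    return Server(mapping=parse_mapping(MAPPING_FILE), passwd=dict(PASSWD),
                  pool=["newuser1", "newuser2"],
                  allowed_domains={"ACCOUNTING", "ENGINEERING"})


if __name__ == "__main__":
    s = build_server()
    print(s.session_setup("ERICBAUER", "ENGINEERING"))                          # guest
    print(s.handle_request("ERICBAUER:ENGINEERING", "create_file", "/home/eb/a"))  # ('OK', 2001)
    print(s.session_setup("ERICBAUER", "ENGINEERING"))                          # newuser1
```

Two ordering choices in the simulation matter for a deployment of this scheme: the policy decision at block 60 runs before any spare account is consumed, so a denied request cannot drain the pool, and the network-to-local mapping is written before the faulting request is completed, so a retried request resolves to the same local identity rather than allocating a second one.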



Claims 

1. A method of operating a computer network including a client computer (12) and a server computer (10), characterized by controlling said server computer to perform the steps of: assigning a temporary local identity to the network identity associated with the operator of the client computer (12); receiving and responding to requests from the client computer (12) to perform functions; triggering an ownership fault condition in response to a particular request received from said client computer (12); and assigning a permanent local identity to the network identity associated with the operator of the client computer in response to said ownership fault condition.

2. A method according to claim 1, characterized in that said assigning step includes the step of retrieving the permanent local identity from a pool of previously allocated locally-meaningful identities.

3. A method according to claim 2, characterized in that said assigning step further includes the step of creating additional permanent locally-meaningful identities, so that the pool of previously allocated locally-meaningful identities is maintained at an adequate level.
4. A method according to claim 1, characterized in that said assigning step includes the step of creating the permanent local identity when said ownership fault condition occurs.
5. A method according to any one of the preceding claims, characterized by the step of updating records in said server computer (10) to reflect the assignment of the permanent local identity by mapping the network identity to the permanent local identity.

6. A method according to any one of the preceding claims, characterized in that said particular request is selected from a group comprising a request to create a file, a request to create a directory, a request to take ownership of an existing file, a request to take ownership of an existing directory, a request to print a file, a request to control a print job, and a request to examine a print job's status.

7. A method according to claim 6, characterized by the step of determining whether to perform the particular request according to a characteristic associated with the network identity, and if said particular request is not to be performed, effecting the steps of denying the particular request and responding to the particular request by transmitting an appropriate error message to the client computer (12).

8. A computer network for carrying out a method according to any one of the preceding claims, including a first computer (12) and a second computer (10) coupled to the first computer (12) for performing functions requested by an operator of the first computer (12), characterized in that said second computer (10) includes: means for assigning a temporary local identity to the network identity associated with the operator of the first computer; means for receiving and responding to requests from the first computer to perform functions; means for triggering an ownership fault condition in response to a particular request received from the first computer; and means for assigning a permanent local identity to the network identity associated with the operator of the first computer in response to the ownership fault condition.